suguo
/
googleapis
0
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Synchronize new proto/yaml changes. 

PiperOrigin-RevId: 274176458
This commit is contained in:
Google APIs 2019-10-11 08:21:14 -07:00 committed by Copybara-Service
parent 6c96f3340f
commit 50e2b02e1e
7 changed files with 336 additions and 233 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
google/cloud/binaryauthorization/artman_binaryauthorization_v1beta1.yaml
View File

@ -6,8 +6,9 @@ common:
- name: google-common-protos
src_proto_paths:
- v1beta1
service_yaml: binaryauthorization_v1beta1.yaml
service_yaml: v1beta1/binaryauthorization_v1beta1.yaml
gapic_yaml: v1beta1/binaryauthorization_gapic.yaml
proto_package: google.cloud.binaryauthorization.v1beta1
artifacts:
- name: gapic_config
type: GAPIC_CONFIG

197
google/cloud/binaryauthorization/v1beta1/binaryauthorization_gapic.legacy.yaml Normal file
View File

@ -0,0 +1,197 @@
type: com.google.api.codegen.ConfigProto
config_schema_version: 1.0.0
# The settings of generated code in a specific language.
language_settings:
java:
package_name: com.google.cloud.binaryauthorization.v1beta1
python:
package_name: google.cloud.binaryauthorization_v1beta1.gapic
go:
package_name: cloud.google.com/go/binaryauthorization/apiv1beta1
csharp:
package_name: Google.Cloud.Binaryauthorization.V1beta1
ruby:
package_name: Google::Cloud::Binaryauthorization::V1beta1
php:
package_name: Google\Cloud\Binaryauthorization\V1beta1
nodejs:
package_name: binaryauthorization.v1beta1
# A list of API interface configurations.
interfaces:
- name: google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1
# A list of resource collection configurations.
# Consists of a name_pattern and an entity_name.
# The name_pattern is a pattern to describe the names of the resources of this
# collection, using the platform's conventions for URI patterns. A generator
# may use this to generate methods to compose and decompose such names. The
# pattern should use named placeholders as in `shelves/{shelf}/books/{book}`;
# those will be taken as hints for the parameter names of the generated
# methods. If empty, no name methods are generated.
# The entity_name is the name to be used as a basis for generated methods and
# classes.
collections:
- name_pattern: projects/{project}
entity_name: project
- name_pattern: projects/{project}/attestors/{attestor}
entity_name: attestor
- name_pattern: projects/{project}/policy
entity_name: project_policy
# Definition for retryable codes.
retry_codes_def:
- name: idempotent
retry_codes:
- DEADLINE_EXCEEDED
- UNAVAILABLE
- name: non_idempotent
retry_codes: []
# Definition for retry/backoff parameters.
retry_params_def:
- name: default
initial_retry_delay_millis: 100
retry_delay_multiplier: 1.3
max_retry_delay_millis: 60000
initial_rpc_timeout_millis: 20000
rpc_timeout_multiplier: 1
max_rpc_timeout_millis: 20000
total_timeout_millis: 600000
# A list of method configurations.
# Common properties:
#
# name - The simple name of the method.
#
# flattening - Specifies the configuration for parameter flattening.
# Describes the parameter groups for which a generator should produce method
# overloads which allow a client to directly pass request message fields as
# method parameters. This information may or may not be used, depending on
# the target language.
# Consists of groups, which each represent a list of parameters to be
# flattened. Each parameter listed must be a field of the request message.
#
# required_fields - Fields that are always required for a request to be
# valid.
#
# page_streaming - Specifies the configuration for paging.
# Describes information for generating a method which transforms a paging
# list RPC into a stream of resources.
# Consists of a request and a response.
# The request specifies request information of the list method. It defines
# which fields match the paging pattern in the request. The request consists
# of a page_size_field and a token_field. The page_size_field is the name of
# the optional field specifying the maximum number of elements to be
# returned in the response. The token_field is the name of the field in the
# request containing the page token.
# The response specifies response information of the list method. It defines
# which fields match the paging pattern in the response. The response
# consists of a token_field and a resources_field. The token_field is the
# name of the field in the response containing the next page token. The
# resources_field is the name of the field in the response containing the
# list of resources belonging to the page.
#
# retry_codes_name - Specifies the configuration for retryable codes. The
# name must be defined in interfaces.retry_codes_def.
#
# retry_params_name - Specifies the configuration for retry/backoff
# parameters. The name must be defined in interfaces.retry_params_def.
#
# field_name_patterns - Maps the field name of the request type to
# entity_name of interfaces.collections.
# Specifies the string pattern that the field must follow.
#
# timeout_millis - Specifies the default timeout for a non-retrying call. If
# the call is retrying, refer to retry_params_name instead.
methods:
- name: GetPolicy
flattening:
groups:
- parameters:
- name
required_fields:
- name
retry_codes_name: idempotent
retry_params_name: default
field_name_patterns:
name: project_policy
timeout_millis: 60000
- name: UpdatePolicy
flattening:
groups:
- parameters:
- policy
required_fields:
- policy
retry_codes_name: idempotent
retry_params_name: default
field_name_patterns:
policy.name: project_policy
timeout_millis: 60000
- name: CreateAttestor
flattening:
groups:
- parameters:
- parent
- attestor_id
- attestor
required_fields:
- parent
- attestor_id
- attestor
retry_codes_name: non_idempotent
retry_params_name: default
field_name_patterns:
parent: project
timeout_millis: 60000
- name: GetAttestor
flattening:
groups:
- parameters:
- name
required_fields:
- name
retry_codes_name: idempotent
retry_params_name: default
field_name_patterns:
name: attestor
timeout_millis: 60000
- name: UpdateAttestor
flattening:
groups:
- parameters:
- attestor
required_fields:
- attestor
retry_codes_name: idempotent
retry_params_name: default
field_name_patterns:
attestor.name: attestor
timeout_millis: 60000
- name: ListAttestors
flattening:
groups:
- parameters:
- parent
required_fields:
- parent
page_streaming:
request:
page_size_field: page_size
token_field: page_token
response:
token_field: next_page_token
resources_field: attestors
retry_codes_name: idempotent
retry_params_name: default
field_name_patterns:
parent: project
timeout_millis: 60000
- name: DeleteAttestor
flattening:
groups:
- parameters:
- name
required_fields:
- name
retry_codes_name: idempotent
retry_params_name: default
field_name_patterns:
name: attestor
timeout_millis: 60000

182
google/cloud/binaryauthorization/v1beta1/binaryauthorization_gapic.yaml
View File

@ -1,5 +1,5 @@
type: com.google.api.codegen.ConfigProto
config_schema_version: 1.0.0
config_schema_version: 2.0.0
# The settings of generated code in a specific language.
language_settings:
java:
@ -16,183 +16,3 @@ language_settings:
package_name: Google\Cloud\Binaryauthorization\V1beta1
nodejs:
package_name: binaryauthorization.v1beta1
# A list of API interface configurations.
interfaces:
# The fully qualified name of the API interface.
- name: google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1
# A list of resource collection configurations.
# Consists of a name_pattern and an entity_name.
# The name_pattern is a pattern to describe the names of the resources of this
# collection, using the platform's conventions for URI patterns. A generator
# may use this to generate methods to compose and decompose such names. The
# pattern should use named placeholders as in `shelves/{shelf}/books/{book}`;
# those will be taken as hints for the parameter names of the generated
# methods. If empty, no name methods are generated.
# The entity_name is the name to be used as a basis for generated methods and
# classes.
collections:
- name_pattern: projects/{project}
entity_name: project
- name_pattern: projects/{project}/attestors/{attestor}
entity_name: attestor
- name_pattern: projects/{project}/policy
entity_name: project_policy
# Definition for retryable codes.
retry_codes_def:
- name: idempotent
retry_codes:
- DEADLINE_EXCEEDED
- UNAVAILABLE
- name: non_idempotent
retry_codes: []
# Definition for retry/backoff parameters.
retry_params_def:
- name: default
initial_retry_delay_millis: 100
retry_delay_multiplier: 1.3
max_retry_delay_millis: 60000
initial_rpc_timeout_millis: 20000
rpc_timeout_multiplier: 1
max_rpc_timeout_millis: 20000
total_timeout_millis: 600000
# A list of method configurations.
# Common properties:
#
# name - The simple name of the method.
#
# flattening - Specifies the configuration for parameter flattening.
# Describes the parameter groups for which a generator should produce method
# overloads which allow a client to directly pass request message fields as
# method parameters. This information may or may not be used, depending on
# the target language.
# Consists of groups, which each represent a list of parameters to be
# flattened. Each parameter listed must be a field of the request message.
#
# required_fields - Fields that are always required for a request to be
# valid.
#
# page_streaming - Specifies the configuration for paging.
# Describes information for generating a method which transforms a paging
# list RPC into a stream of resources.
# Consists of a request and a response.
# The request specifies request information of the list method. It defines
# which fields match the paging pattern in the request. The request consists
# of a page_size_field and a token_field. The page_size_field is the name of
# the optional field specifying the maximum number of elements to be
# returned in the response. The token_field is the name of the field in the
# request containing the page token.
# The response specifies response information of the list method. It defines
# which fields match the paging pattern in the response. The response
# consists of a token_field and a resources_field. The token_field is the
# name of the field in the response containing the next page token. The
# resources_field is the name of the field in the response containing the
# list of resources belonging to the page.
#
# retry_codes_name - Specifies the configuration for retryable codes. The
# name must be defined in interfaces.retry_codes_def.
#
# retry_params_name - Specifies the configuration for retry/backoff
# parameters. The name must be defined in interfaces.retry_params_def.
#
# field_name_patterns - Maps the field name of the request type to
# entity_name of interfaces.collections.
# Specifies the string pattern that the field must follow.
#
# timeout_millis - Specifies the default timeout for a non-retrying call. If
# the call is retrying, refer to retry_params_name instead.
methods:
- name: GetPolicy
flattening:
groups:
- parameters:
- name
required_fields:
- name
retry_codes_name: idempotent
retry_params_name: default
field_name_patterns:
name: project_policy
timeout_millis: 60000
- name: UpdatePolicy
flattening:
groups:
- parameters:
- policy
required_fields:
- policy
retry_codes_name: idempotent
retry_params_name: default
field_name_patterns:
policy.name: project_policy
timeout_millis: 60000
- name: CreateAttestor
flattening:
groups:
- parameters:
- parent
- attestor_id
- attestor
required_fields:
- parent
- attestor_id
- attestor
retry_codes_name: non_idempotent
retry_params_name: default
field_name_patterns:
parent: project
timeout_millis: 60000
- name: GetAttestor
flattening:
groups:
- parameters:
- name
required_fields:
- name
retry_codes_name: idempotent
retry_params_name: default
field_name_patterns:
name: attestor
timeout_millis: 60000
- name: UpdateAttestor
flattening:
groups:
- parameters:
- attestor
required_fields:
- attestor
retry_codes_name: idempotent
retry_params_name: default
field_name_patterns:
attestor.name: attestor
timeout_millis: 60000
- name: ListAttestors
flattening:
groups:
- parameters:
- parent
required_fields:
- parent
page_streaming:
request:
page_size_field: page_size
token_field: page_token
response:
token_field: next_page_token
resources_field: attestors
retry_codes_name: idempotent
retry_params_name: default
field_name_patterns:
parent: project
timeout_millis: 60000
- name: DeleteAttestor
flattening:
groups:
- parameters:
- name
required_fields:
- name
retry_codes_name: idempotent
retry_params_name: default
field_name_patterns:
name: attestor
timeout_millis: 60000

51
google/cloud/binaryauthorization/v1beta1/binaryauthorization_grpc_service_config.json Executable file
View File

@ -0,0 +1,51 @@
{
"methodConfig": [
{
"name": [
{
"service": "google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1",
"method": "GetPolicy"
},
{
"service": "google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1",
"method": "UpdatePolicy"
},
{
"service": "google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1",
"method": "GetAttestor"
},
{
"service": "google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1",
"method": "UpdateAttestor"
},
{
"service": "google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1",
"method": "ListAttestors"
},
{
"service": "google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1",
"method": "DeleteAttestor"
}
],
"timeout": "600s",
"retryPolicy": {
"initialBackoff": "0.100s",
"maxBackoff": "60s",
"backoffMultiplier": 1.3,
"retryableStatusCodes": [
"DEADLINE_EXCEEDED",
"UNAVAILABLE"
]
}
},
{
"name": [
{
"service": "google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1",
"method": "CreateAttestor"
}
],
"timeout": "600s"
}
]
}

22
google/cloud/binaryauthorization/binaryauthorization_v1beta1.yaml → google/cloud/binaryauthorization/v1beta1/binaryauthorization_v1beta1.yaml
View File

@ -21,6 +21,9 @@ documentation:
Sets the access control policy on the specified resource. Replaces
any existing policy.
Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and
PERMISSION_DENIED
- selector: google.iam.v1.IAMPolicy.TestIamPermissions
description: |-
Returns permissions that a caller has on the specified resource. If the
@ -31,25 +34,6 @@ documentation:
permission-aware UIs and command-line tools, not for authorization
checking. This operation may "fail open" without warning.
http:
rules:
- selector: google.iam.v1.IAMPolicy.GetIamPolicy
get: '/v1beta1/{resource=projects/*/policy}:getIamPolicy'
additional_bindings:
- get: '/v1beta1/{resource=projects/*/attestors/*}:getIamPolicy'
- selector: google.iam.v1.IAMPolicy.SetIamPolicy
post: '/v1beta1/{resource=projects/*/policy}:setIamPolicy'
body: '*'
additional_bindings:
- post: '/v1beta1/{resource=projects/*/attestors/*}:setIamPolicy'
body: '*'
- selector: google.iam.v1.IAMPolicy.TestIamPermissions
post: '/v1beta1/{resource=projects/*/policy}:testIamPermissions'
body: '*'
additional_bindings:
- post: '/v1beta1/{resource=projects/*/attestors/*}:testIamPermissions'
body: '*'
authentication:
rules:
- selector: 'google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1.*'

48
google/cloud/binaryauthorization/v1beta1/resources.proto
View File

@ -17,14 +17,21 @@ syntax = "proto3";
package google.cloud.binaryauthorization.v1beta1;
import "google/api/annotations.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/protobuf/timestamp.proto";
import "google/api/annotations.proto";
option cc_enable_arenas = true;
option go_package = "google.golang.org/genproto/googleapis/cloud/binaryauthorization/v1beta1;binaryauthorization";
// A [policy][google.cloud.binaryauthorization.v1beta1.Policy] for container image binary authorization.
message Policy {
option (google.api.resource) = {
type: "binaryauthorization.googleapis.com/Policy"
pattern: "projects/{project}/policy"
};
enum GlobalPolicyEvaluationMode {
// Not specified: DISABLE is assumed.
GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0;
@ -38,21 +45,21 @@ message Policy {
// Output only. The resource name, in the format `projects/*/policy`. There is
// at most one policy per project.
string name = 1;
string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
// Optional. A descriptive comment.
string description = 6;
string description = 6 [(google.api.field_behavior) = OPTIONAL];
// Optional. Controls the evaluation of a Google-maintained global admission
// policy for common system-level images. Images not covered by the global
// policy will be subject to the project admission policy. This setting
// has no effect when specified inside a global admission policy.
GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7;
GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(google.api.field_behavior) = OPTIONAL];
// Optional. Admission policy whitelisting. A matching admission request will
// always be permitted. This feature is typically used to exclude Google or
// third-party infrastructure images from Binary Authorization policies.
repeated AdmissionWhitelistPattern admission_whitelist_patterns = 2;
repeated AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(google.api.field_behavior) = OPTIONAL];
// Optional. Per-cluster admission rules. Cluster spec format:
// `location.clusterId`. There can be at most one admission rule per cluster
@ -61,14 +68,14 @@ message Policy {
// (e.g. us-central1).
// For `clusterId` syntax restrictions see
// https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, AdmissionRule> cluster_admission_rules = 3;
map<string, AdmissionRule> cluster_admission_rules = 3 [(google.api.field_behavior) = OPTIONAL];
// Required. Default admission rule for a cluster without a per-cluster, per-
// kubernetes-service-account, or per-istio-service-identity admission rule.
AdmissionRule default_admission_rule = 4;
AdmissionRule default_admission_rule = 4 [(google.api.field_behavior) = REQUIRED];
// Output only. Time when the policy was last updated.
google.protobuf.Timestamp update_time = 5;
google.protobuf.Timestamp update_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
}
// An [admission whitelist pattern][google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern] exempts images
@ -119,7 +126,7 @@ message AdmissionRule {
}
// Required. How this admission rule will be evaluated.
EvaluationMode evaluation_mode = 1;
EvaluationMode evaluation_mode = 1 [(google.api.field_behavior) = REQUIRED];
// Optional. The resource names of the attestors that must attest to
// a container image, in the format `projects/*/attestors/*`. Each
@ -129,23 +136,28 @@ message AdmissionRule {
//
// Note: this field must be non-empty when the evaluation_mode field specifies
// REQUIRE_ATTESTATION, otherwise it must be empty.
repeated string require_attestations_by = 2;
repeated string require_attestations_by = 2 [(google.api.field_behavior) = OPTIONAL];
// Required. The action when a pod creation is denied by the admission rule.
EnforcementMode enforcement_mode = 3;
EnforcementMode enforcement_mode = 3 [(google.api.field_behavior) = REQUIRED];
}
// An [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] that attests to container image
// artifacts. An existing attestor cannot be modified except where
// indicated.
message Attestor {
option (google.api.resource) = {
type: "binaryauthorization.googleapis.com/Attestor"
pattern: "projects/{project}/attestors/{attestor}"
};
// Required. The resource name, in the format:
// `projects/*/attestors/*`. This field may not be updated.
string name = 1;
string name = 1 [(google.api.field_behavior) = REQUIRED];
// Optional. A descriptive comment. This field may be updated.
// The field may be displayed in chooser dialogs.
string description = 6;
string description = 6 [(google.api.field_behavior) = OPTIONAL];
// Required. Identifies an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] that attests to a
// container image artifact. This determines how an attestation will
@ -158,7 +170,7 @@ message Attestor {
}
// Output only. Time when the attestor was last updated.
google.protobuf.Timestamp update_time = 4;
google.protobuf.Timestamp update_time = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
}
// An [user owned drydock note][google.cloud.binaryauthorization.v1beta1.UserOwnedDrydockNote] references a Drydock
@ -171,7 +183,7 @@ message UserOwnedDrydockNote {
// An attestation by this attestor is stored as a Drydock
// ATTESTATION_AUTHORITY Occurrence that names a container image and that
// links to this Note. Drydock is an external dependency.
string note_reference = 1;
string note_reference = 1 [(google.api.field_behavior) = REQUIRED];
// Optional. Public keys that verify attestations signed by this
// attestor. This field may be updated.
@ -182,7 +194,7 @@ message UserOwnedDrydockNote {
//
// If this field is empty, this attestor always returns that no
// valid attestations exist.
repeated AttestorPublicKey public_keys = 2;
repeated AttestorPublicKey public_keys = 2 [(google.api.field_behavior) = OPTIONAL];
// Output only. This field will contain the service account email address
// that this Attestor will use as the principal when querying Container
@ -193,7 +205,7 @@ message UserOwnedDrydockNote {
// This email address is fixed for the lifetime of the Attestor, but callers
// should not make any other assumptions about the service account email;
// future versions may use an email based on a different naming pattern.
string delegation_service_account_email = 3;
string delegation_service_account_email = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
}
// A public key in the PkixPublicKey format (see
@ -261,7 +273,7 @@ message PkixPublicKey {
// attestations signed by this attestor.
message AttestorPublicKey {
// Optional. A descriptive comment. This field may be updated.
string comment = 1;
string comment = 1 [(google.api.field_behavior) = OPTIONAL];
// The ID of this public key.
// Signatures verified by BinAuthz must include the ID of the public key that

66
google/cloud/binaryauthorization/v1beta1/service.proto
View File

@ -18,6 +18,9 @@ syntax = "proto3";
package google.cloud.binaryauthorization.v1beta1;
import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/cloud/binaryauthorization/v1beta1/resources.proto";
import "google/protobuf/empty.proto";
@ -33,18 +36,22 @@ option go_package = "google.golang.org/genproto/googleapis/cloud/binaryauthoriza
//
// * [Policy][google.cloud.binaryauthorization.v1beta1.Policy]
// * [Attestor][google.cloud.binaryauthorization.v1beta1.Attestor]
//
// A [policy][google.cloud.binaryauthorization.v1beta1.Policy] specifies the [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] that must attest to
// a container image, before the project is allowed to deploy that
// image. There is at most one policy per project. All image admission
// requests are permitted if a project has no policy.
service BinauthzManagementServiceV1Beta1 {
option (google.api.default_host) = "binaryauthorization.googleapis.com";
option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
// A [policy][google.cloud.binaryauthorization.v1beta1.Policy] specifies the [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] that must attest to
// a container image, before the project is allowed to deploy that
// image. There is at most one policy per project. All image admission
// requests are permitted if a project has no policy.
//
// Gets the [policy][google.cloud.binaryauthorization.v1beta1.Policy] for this project. Returns a default
// [policy][google.cloud.binaryauthorization.v1beta1.Policy] if the project does not have one.
rpc GetPolicy(GetPolicyRequest) returns (Policy) {
option (google.api.http) = {
get: "/v1beta1/{name=projects/*/policy}"
};
option (google.api.method_signature) = "name";
}
// Creates or updates a project's [policy][google.cloud.binaryauthorization.v1beta1.Policy], and returns a copy of the
@ -57,6 +64,7 @@ service BinauthzManagementServiceV1Beta1 {
put: "/v1beta1/{policy.name=projects/*/policy}"
body: "policy"
};
option (google.api.method_signature) = "policy";
}
// Creates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor], and returns a copy of the new
@ -68,6 +76,7 @@ service BinauthzManagementServiceV1Beta1 {
post: "/v1beta1/{parent=projects/*}/attestors"
body: "attestor"
};
option (google.api.method_signature) = "parent,attestor_id,attestor";
}
// Gets an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
@ -76,6 +85,7 @@ service BinauthzManagementServiceV1Beta1 {
option (google.api.http) = {
get: "/v1beta1/{name=projects/*/attestors/*}"
};
option (google.api.method_signature) = "name";
}
// Updates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
@ -85,6 +95,7 @@ service BinauthzManagementServiceV1Beta1 {
put: "/v1beta1/{attestor.name=projects/*/attestors/*}"
body: "attestor"
};
option (google.api.method_signature) = "attestor";
}
// Lists [attestors][google.cloud.binaryauthorization.v1beta1.Attestor].
@ -93,6 +104,7 @@ service BinauthzManagementServiceV1Beta1 {
option (google.api.http) = {
get: "/v1beta1/{parent=projects/*}/attestors"
};
option (google.api.method_signature) = "parent";
}
// Deletes an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns NOT_FOUND if the
@ -101,6 +113,7 @@ service BinauthzManagementServiceV1Beta1 {
option (google.api.http) = {
delete: "/v1beta1/{name=projects/*/attestors/*}"
};
option (google.api.method_signature) = "name";
}
}
@ -108,7 +121,12 @@ service BinauthzManagementServiceV1Beta1 {
message GetPolicyRequest {
// Required. The resource name of the [policy][google.cloud.binaryauthorization.v1beta1.Policy] to retrieve,
// in the format `projects/*/policy`.
string name = 1;
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "binaryauthorization.googleapis.com/Policy"
}
];
}
// Request message for [BinauthzManagementService.UpdatePolicy][].
@ -116,28 +134,38 @@ message UpdatePolicyRequest {
// Required. A new or updated [policy][google.cloud.binaryauthorization.v1beta1.Policy] value. The service will
// overwrite the [policy name][google.cloud.binaryauthorization.v1beta1.Policy.name] field with the resource name in
// the request URL, in the format `projects/*/policy`.
Policy policy = 1;
Policy policy = 1 [(google.api.field_behavior) = REQUIRED];
}
// Request message for [BinauthzManagementService.CreateAttestor][].
message CreateAttestorRequest {
// Required. The parent of this [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
string parent = 1;
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "cloudresourcemanager.googleapis.com/Project"
}
];
// Required. The [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] ID.
string attestor_id = 2;
string attestor_id = 2 [(google.api.field_behavior) = REQUIRED];
// Required. The initial [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] value. The service will
// overwrite the [attestor name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with the resource name,
// in the format `projects/*/attestors/*`.
Attestor attestor = 3;
Attestor attestor = 3 [(google.api.field_behavior) = REQUIRED];
}
// Request message for [BinauthzManagementService.GetAttestor][].
message GetAttestorRequest {
// Required. The name of the [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] to retrieve, in the format
// `projects/*/attestors/*`.
string name = 1;
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "binaryauthorization.googleapis.com/Attestor"
}
];
}
// Request message for [BinauthzManagementService.UpdateAttestor][].
@ -145,14 +173,19 @@ message UpdateAttestorRequest {
// Required. The updated [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] value. The service will
// overwrite the [attestor name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with the resource name
// in the request URL, in the format `projects/*/attestors/*`.
Attestor attestor = 1;
Attestor attestor = 1 [(google.api.field_behavior) = REQUIRED];
}
// Request message for [BinauthzManagementService.ListAttestors][].
message ListAttestorsRequest {
// Required. The resource name of the project associated with the
// [attestors][google.cloud.binaryauthorization.v1beta1.Attestor], in the format `projects/*`.
string parent = 1;
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "cloudresourcemanager.googleapis.com/Project"
}
];
// Requested page size. The server may return fewer results than requested. If
// unspecified, the server will pick an appropriate default.
@ -179,5 +212,10 @@ message ListAttestorsResponse {
message DeleteAttestorRequest {
// Required. The name of the [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] to delete, in the format
// `projects/*/attestors/*`.
string name = 1;
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "binaryauthorization.googleapis.com/Attestor"
}
];
}